Univention Bugzilla – Bug 45237
postgresql-9.1: Multiple issues (4.2)
Last modified: 2017-08-30 16:29:46 CEST
We also need this for UCS 4.2:

+++ This bug was initially created as a clone of Bug #45236 +++

Upstream Debian package version 9.1.24lts2-0+deb7u1 fixes these issues:
* In some authentication methods empty passwords were accepted (CVE-2017-7546)
* User mappings could leak data to unprivileged users (CVE-2017-7547)
* The lo_put() function ignored ACLs (CVE-2017-7548)
Source package cherrypicked from Bug 45236
Built with fixed version number 9.1.24-0.A~4.2.0.201708211719.

CVE-2017-7548 has not been fixed. Instead this one:
* Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options (CVE-2017-7486)

Advisory: postgresql-9.1.yaml
OK: apt-get install univention-postgresql
OK: apt-get upgrade
OK: Upgrade 9.1 -> 9.4, reboot
OK: errata-announce -V --only postgresql-9.?.yaml
OK: postgresql-9.?.yaml
<http://errata.software-univention.de/ucs/4.2/145.html>